Migrate users from iPlanet or Sun JES or Unix user with keep original user's password

I want to migrate users from iPlanet or Sun JES or Unix user with keep original user's password. Before that I used to migrate users from Unix to iPlanet and iPlanet to SUN JES with ldapmodify command by enter userPassword attribute like this.
{CRYPT}cmKaxCui509lU
or
{SSHA}5SlPugduRSKLQJGAovO/kPQdiDqtTF08DmZWMQ==

But in Zimbra it not work (both zmprov and ldapmodify). Have any solutions to do it?

09-01-2006, 06:39 PM

schemers

I've filed a bug (10409) and will fix this in 4.0.1 or 4.0.2. You'll be able to do the following:

in the meantime, here's a little cli php hack i wrote for a recent migration. it takes a csv file with each line "email,password", and outputs an ldif file. it assumes your existing password hash doesn't have the crypto prefix so if yours does you might want to strip out the {crypt} bit, and i only had two .tlds - .co.uk and .com - if you have more you'll have to add them or rewrite it properly, sorry for the ugly hack but might help someone here.

user1 created by zimbra, user2 passed in password from user1, both can loged in.
user3 and user4 passed in password from Sun JES but can't loged in.
user5 passed in password from Solaris password but can't loged in.

How to do it?

09-29-2006, 08:26 AM

dijichi2

usnig 4.01 or 4.02? i haven't tested whether the hash passing actually works or not, hopefully it does. using zmprov to do this?

after you've done the import, look at the userPassword attribute once it's in ldap and compare it to the hash you provide to make sure it's going through untouched. also, sure your user3 and user4 passwords are ssha and not sha or md5? if they're md5 i think they need to go in as {crypt}.

09-29-2006, 10:41 AM

rungsan

I test on zimbra 4.02 with zmprov command and the userPassword attribute after passing is same with original ldap and it is ssha (in Sun JES LDAP the output of ldapsearch command also show encoded type). I think this case is importance for migrating from exiting system.

09-29-2006, 11:07 AM

phoenix

Did you check in bugzilla for bug 10409, you should find what you need there. It helps to check the bug reports that have been raised for a problem. ;)